Have you ever wondered how email marketing platforms like Mailchimp, BestRegards, and HubSpot manage to send hundreds or even thousands of emails from your custom domain in just seconds—without flooding your inbox?
This post will explain how these platforms connect to your domain service provider to ensure your emails get delivered, pass spam filters, and maintain your brand’s credibility. Even though the process can get pretty technical, I’ll explain it in a way that’s easy to grasp while still diving into the details.
There are 5 major steps involved:
To begin sending emails on your behalf, the email marketing platform needs to verify that you own the domain you're using. It is like proving that you have the keys to the house before you let someone inside. This verification process typically involves adding a specific DNS (Domain Name System) record to your domain provider’s settings. DNS records serve as the blueprint for how your domain interacts with other internet services; in this case, they confirm to the email marketing platform that you have control over your domain.
The platform will provide you with specific instructions on what DNS record to add. There are two common types of records used for domain verification:
A TXT record is a human-readable string of text that gets added to your domain’s DNS settings. Think of it as a virtual post-it note stuck to your domain’s profile. This text record proves to the email marketing platform that you control the domain because only the domain owner (you) can edit DNS records.
Here’s how it works in detail:
Step 1: Log in to Your Domain Provider – Start by logging in to the website where you manage your domain (e.g., GoDaddy, Namecheap, or Google Domains).
Step 2: Locate DNS Management – Navigate to the DNS management or DNS settings section, often called "DNS Zone" or "Advanced DNS Settings."
Step 3: Add the TXT Record – You’ll see an option to add a new record. Choose “TXT” as the record type. The email marketing platform will give you a specific string to enter into the “Value” or “Content” field. This string is unique to your domain and looks something like this:
v=spf1 include:_spf.emailmarketingplatform.com ~all
The exact content will vary depending on the platform you're using.
Name/Host Field: This will typically be your domain name or “@” (which represents the root domain).
TTL (Time to Live): This field controls how long DNS servers should cache the record before checking for updates. Leave it as the default, which is usually set to something like 3600 seconds (1 hour).
Step 4: Save the Record – Once you've entered the text exactly as the platform provided, save the changes.
The TXT record essentially serves as proof of ownership that the email marketing platform can verify. Once added, it might take up to 48 hours for the DNS changes to propagate globally, but in many cases, the verification happens much faster.
A CNAME record is another type of DNS record used for verification. Unlike a TXT record, which is just a string of text, a CNAME record works by mapping one domain name to another, serving as an alias. In this case, the CNAME record tells the world that your domain (e.g., yourdomain.com) is linked to the email marketing platform’s domain for sending emails.
Here’s the detailed process for adding a CNAME record:
Log in to Your Domain Provider – As with TXT records, log in to your domain provider’s control panel.
Navigate to DNS Management – Go to the section where you manage your domain’s DNS settings.
Add the CNAME Record – Choose “CNAME” from the record type dropdown menu. The platform will give you the exact details you need to enter.
Host/Name Field: This is typically a subdomain like email.yourdomain.com. The platform will specify this value.Value/Points To Field: This is where you’ll enter the domain the CNAME is pointing to, which the platform will provide. For example, it might be something like:
email.emailmarketingplatform.com
TTL (Time to Live): Again, leave this as the default (e.g., 3600 seconds).
Save the CNAME Record – Save the changes, and just like with a TXT record, the platform will now be able to check your DNS settings.
The CNAME record creates a direct link between your domain and the platform, which allows it to send authenticated emails on your behalf. This method is slightly more involved than the TXT record, as it involves mapping part of your domain (like a subdomain) to the platform’s servers.
After you’ve added the TXT or CNAME record, the email marketing platform will automatically start monitoring your DNS settings to verify that the correct record has been added. This is how the process unfolds:
The Platform Queries Your DNS Settings: The platform checks your domain’s DNS records for the specific TXT or CNAME entry you’ve just added. It uses publicly available DNS tools to query the records.
Verification is Completed: Once the platform locates the correct DNS record, it confirms that the domain is verified. Depending on the platform, this can take anywhere from a few minutes to a few hours, as DNS changes need time to propagate.
Authorization to Send Emails: After successful verification, the platform is authorized to send emails on your behalf using your domain. From this point forward, any emails you send through the platform will appear to originate from your domain, such as [email protected], which builds trust with recipients.
This verification step is critical because it not only ensures that emails coming from your domain are legitimate but also helps improve deliverability, reducing the likelihood of your emails being marked as spam.
By adding these DNS records, you're telling the world, "This platform is trusted to send emails from my domain," which is essential in the complex ecosystem of email deliverability. Without these records in place, email servers might reject your emails or mark them as suspicious, negatively impacting your email campaigns.
Now that the platform knows you own the domain, it’s time to ensure that the emails sent from your domain are authenticated. This step is crucial because it prevents bad actors from pretending to send emails from your domain (spoofing) and helps your emails land in recipients’ inboxes instead of spam folders.
Three key protocols ensure authentication:
SPF (Sender Policy Framework)
Think of SPF as a “who’s allowed to send emails for me” list. It’s a record you add to your DNS settings that tells the world which email servers are authorized to send emails on your behalf.
How it works: When an email is sent, the recipient’s email server checks the SPF record to see if the email came from a legitimate server. If it matches, the email is considered safe. An example of an SPF record might look like:
v=spf1 include:emailplatform.com ~all
This says that your email marketing platform is authorized to send emails on behalf of your custom domain.
DKIM (DomainKeys Identified Mail)
DKIM is like a digital signature for your emails. It ensures that the email wasn’t altered after it was sent. The platform signs each outgoing email with a private key and the recipient’s email server checks that signature against the public key stored in your DNS.
How it works: When the email arrives, the receiving server checks the signature using the public key you’ve added to your DNS. If everything matches, the email is confirmed as genuine. Here’s an example of what a DKIM record might look like in your DNS:
default._domainkey.yourdomain.com
v=DKIM1; k=rsa; p=MIGfMA0GCSqG...
DMARC (Domain-based Message Authentication, Reporting & Conformance)
DMARC ties everything together and gives you control over what happens when an email fails SPF or DKIM checks. You can instruct receiving servers to reject, quarantine, or accept such emails.
How it works: You create a DMARC policy in your DNS settings, specifying what to do if an email fails authentication. You can also receive reports on emails that don’t pass the checks, giving you insights into potential spoofing attempts. A simple DMARC policy might look like:
v=DMARC1; p=none; rua=mailto:[email protected]
This tells email servers to do nothing if an email fails (just report it), but you can get notifications via the email address provided.
Once you’ve set up SPF, DKIM, and DMARC, you will need to add these records to your DNS settings. Here’s how you do it:
Log in to your domain provider’s dashboard (where you registered your domain).
Go to DNS Management: Look for a section where you can add custom DNS records.
Insert the SPF, DKIM, and DMARC records: Your email marketing platform will give you the exact values to enter. Each DNS provider has a slightly different interface, but they generally allow you to add TXT and CNAME records easily.
Once your domain is verified and all email authentication protocols are correctly configured, your email marketing platform is now empowered to send emails on your behalf. Let’s break down the process in detail to understand how the magic happens—from the moment you click "Send" to when the email lands in your recipient’s inbox.
This part is where your creativity and strategy come into play. Using the email marketing platform’s interface, you’ll:
Design the Email: This could include creating templates, adding images, writing copy, and inserting dynamic elements (like personalization fields that populate each recipient's name). Most email marketing platforms offer drag-and-drop editors that make designing emails easy and intuitive. BestRegards stands out, offering a Notion-style email builder that goes beyond traditional drag-and-drop interfaces, giving users a far superior design experience.
Select Your Audience: You choose which segments of your mailing list to target. Email platforms allow you to filter your contacts based on various criteria like engagement level, location, purchase history, or other custom tags you’ve applied. Review and Test: You can preview your email to see how it will look in various email clients (e.g., Gmail, Outlook, Yahoo) and on different devices (desktop and mobile). Most platforms also offer an option to send test emails to yourself or team members to ensure everything appears correctly. Once you’re satisfied with your email, you click "Send," and the email marketing platform takes over from there.
After you hit “Send”, the email marketing platform’s infrastructure springs into action. Here’s a more detailed look at what happens behind the scenes:
Batch Processing: Depending on the size of your email list, the platform might break the campaign into smaller batches to send the emails. This prevents overloading the system and helps ensure smooth delivery.
Connecting to the Authorized Sending Servers: The platform uses the servers that you’ve authorized via the SPF (Sender Policy Framework) record. These servers are listed in your DNS records, signalling to the recipient’s email provider that they are legitimate and allowed to send emails on your behalf. These servers take the email content and format it according to standard email transmission protocols (specifically, SMTP, or Simple Mail Transfer Protocol). SMTP handles the logistics of email delivery, ensuring that emails are correctly routed to their destinations.
Signing the Email with DKIM: The platform adds a digital signature to the email using DKIM (DomainKeys Identified Mail). This signature is a cryptographic hash placed in the email header, proving that the email was sent from your domain and hasn’t been tampered with. Each time an email is sent, the private DKIM key is used to generate a signature unique to that email. The recipient's server will later use your public key (stored in your DNS records) to verify this signature.
Enforcing DMARC Policy: If you have set up a DMARC (Domain-based Message Authentication, Reporting & Conformance) policy, it now comes into play. The platform ensures that each email conforms to the DMARC requirements by ensuring SPF and DKIM authentication is in place. Depending on your DMARC policy, any email that doesn’t pass these checks can be flagged for action (rejected, sent to spam, or monitored for reporting).
Once the email has been processed, signed, and sent out by the email marketing platform, it embarks on its journey across the internet via the platform’s SMTP servers. The path it takes is as follows:
DNS Lookup: The recipient’s email server performs a DNS lookup to check your domain’s SPF, DKIM, and DMARC records. The receiving server essentially asks, “Is this email being sent from an authorized server? Is the email signature valid? Does the sender have proper policies in place for email authentication?”
Queuing and Routing: The recipient’s email provider (such as Gmail, Yahoo, or Outlook) might place the email in a queue to be processed. It also runs its filters for spam, malware, or phishing. The server checks the email’s metadata and content for red flags, such as suspicious links, known spam keywords, or improper email structure.
Handling Graylisting: Some email servers use a technique called graylisting, where the recipient’s server temporarily rejects the email the first time it’s sent to test whether the sender retries (spammers often won’t bother). If your email platform is legitimate, it will retry sending the email after a brief delay.
Email Lands in the Recipient’s Inbox: When the recipient’s email server finally receives the email, it performs a series of checks before delivering it to the inbox. Let’s dive into those checks:
SPF Check: The server checks the SPF record to see if the email was sent from one of the IP addresses listed in your SPF DNS record. If the sending server is not on the list, the email might be flagged as spoofed or rejected.
DKIM Validation: The server uses the DKIM public key (stored in your DNS settings) to verify that the digital signature in the email header matches the content of the email. If the DKIM signature passes, the server knows the email wasn’t altered in transit.
DMARC Enforcement: The server cross-checks SPF and DKIM results with your DMARC policy. If the email fails either SPF or DKIM, the server looks at your DMARC record to decide what to do with it. If your policy is set to:
Reputation: How trustworthy is the domain sending the email? Have previous emails from this domain been marked as spam?
Content: Does the email contain spammy words, excessive images, or a suspicious number of links?
Engagement: How often does the recipient engage with emails from this sender? Have they opened or clicked emails from this domain in the past? If the email passes all these tests, it lands safely in the recipient’s inbox. If any check fails, the email might be sent to the spam folder, quarantined, or even rejected outright, depending on the recipient’s email provider and your DMARC settings.
Even after setting everything up, it’s important to monitor how your emails are performing. Email marketing platforms often provide tools to track your domain’s reputation and deliverability rates.
Some key metrics to watch:
Bounce rate: If a large number of emails are bouncing, it could signal that your list needs cleaning or there are issues with your authentication setup.
Spam complaints: If people are marking your emails as spam, it can damage your domain’s reputation.
Open rates: Low open rates can signal that your emails aren’t reaching the inbox. You can also use external tools like Google Postmaster or MXToolbox to keep an eye on your email authentication and reputation.
Email marketing platforms make sending bulk emails seem effortless, but behind the scenes, there’s a well-oiled machine of DNS records, authentication protocols, and servers working in harmony. By verifying your domain and setting up SPF, DKIM, and DMARC, you’re not only protecting your brand but also increasing your chances of landing in your audience’s inbox.
Understanding this technical process can help you fine-tune your email marketing efforts, ensuring that every email you send builds trust, enhances deliverability, and strengthens your brand’s reputation.
If you found this insightful, follow me on social media for more tips and behind-the-scenes tech insights!